You can now connect multiple repositories to a single repository, giving your teams a single repo to pull every package they need. This allows you to organize your artifacts by Line of Business (LOB) while ensuring that shared internal libraries and vendor images are managed centrally and remain always available to the teams that need them.

Why we built this

Enterprises need to balance easy access to artifacts with strict control over who can publish or promote them. Previously, the only way to aggregate repositories in Cloudsmith was through "Cloudsmith-to-Cloudsmith" upstreams. Because this wasn't a native fit for complex workflows, it introduced indexing delays and performance overhead that didn't meet the needs of large-scale delivery pipelines.

Connected repositories provide a native solution that offers:

• One repo for everything: Developers no longer need prior knowledge of the underlying repo structure. By connecting repositories, you present a single, shared location for builders to fetch any required image or package.
• No latency: Unlike older methods, there is no indexing delay. When a team pushes a new library or image to a connected repository, it is immediately available to every team that needs it.
• Abstracted governance: You can manage vendor and shared libraries "behind the scenes," isolating your developers from the underlying complexity of how you manage permissions and access control.

Connected repositories are built for workspace administrators who need a performant, unified way to distribute packages across a complex organization without re-architecting their existing delivery workflows.

Key features:

• Instant package availability: Packages are visible to consumers of the source repository the moment they are pushed, eliminating the need for secondary indexing.
• Priority-based resolution: Set clear rules for which repository "wins" if the same package version exists in multiple places, ensuring deterministic and secure builds.
• Inherited upstreams: If your shared library repository points to external sources like Maven Central or PyPI, your LOB repositories get access to those public packages automatically.
• Configuration where you work: Administrators can manage these connections via the UI or API, ensuring a consistent and auditable structure across the entire organization.

Getting started

This feature is currently in Early Access for Maven, Docker, Python, and NPM formats.

Review the documentation and contact us to enable Connected Repositories for your workspace.